If you're streaming House of Cards in the background while you're reading this article, here's a question for you: who else (besides Netflix) knows you're streaming it?

In 2012, the engineering team at Netflix was handed a daunting task by its corporate higher-ups, one meant to ensure that the answer to that question will always be "no one": the team was asked to encrypt all Netflix traffic without rendering its video streams unwatchable.

The reasons for encryption were numerous. Besides ensuring that Netflix subscribers' viewing habits wouldn't be vulnerable to private eyes, it would also further assuage the security concerns of Netflix's TV and film studio partners, who had already demanded that Netflix use digital rights management to protect their streams.

Like nearly every other commercial website, Netflix has long used HTTPS encryption for credit card transactions and user login screens. The conventional wisdom, according to Netflix software engineer Scott Long, was that applying that same technique to processor-intensive video streaming would degrade performance by more than 250 percent compared to unencrypted streams. The engineers would have to figure out a way around that performance hit.

But as they set to work, they soon realized that Netflix's explosive growth in streaming content made the task more complicated than it initially seemed. The site now serves 125 million hours of content per day worldwide, and accounts for 33 percent of all the Internet traffic in North America. To top it off, the engineers had to implement the encryption while still meeting a goal of 100 Gb/s streaming bandwidth, up from 8 Gb/s when they first started in 2012.

Netflix's network engineering team is small, around a dozen people, but they have deep roots in enterprise software and hardware engineering, and equally deep connections to the open-source community. So they turned to that community to supplement their own expertise.

"Everything we're doing is open source or on its way to be open source in the near future," Long said at the Intel Developers Forum in San Francisco this week. Netflix quickly discovered that the commonly used Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS) encryption, weren't fast enough. So the team added another open-source tool to the mix: the Intelligent Storage Acceleration Library, or ISA-L.

ISA-L helped, but it wasn't good enough: TLS on its own resulted in the expected 250 percent performance drop, while ISA-L produced 16.5 Gb/s streams—better, but still far short of the 100 Gb/s target.

With the help of Intel, which maintains the ISA-L standard, Long and his colleagues identified the bottleneck: ISA-L was a huge memory hog, demanding far more memory writes than it actually needed. Solving those issues got them up to 65 Gb/s. Replacing all of the memory modules with faster DDR4 RAM and tweaking some cache settings eked out an additional 19 Gb/s.

While the team hasn't yet reached its 100 Gb/s goal of encrypted video streaming, it has enabled fast-enough streams that video quality no longer suffers because of encryption delays. Today, issues are more likely caused by a viewer's Internet service provider, and Netflix has many other people working on those issues.

"Adding encryption and authentication no matter how you slice it will impact performance," Long and his colleagues wrote in a recent technical paper describing their efforts. Still, they "fully believe that TLS is the right way to move forward" in ensuring that no one knows what you're watching on Netflix.

Well, almost no one: there's always the chance you'll accidentally mention something that happens in a future episode you agreed to only watch with your spouse. If that happens, no amount of encryption will save you from being forced to sleep on the couch.

About the Author

As a hardware analyst, Tom tests and reviews laptops, peripherals, and much more at PC Labs in New York City. He previously covered the consumer tech beat as a news reporter for PCMag in San Francisco and Silicon Valley, where he rode in several self-driving cars and witnessed the rise and fall of many startups. Before that, he worked for PCMag's s...
